mixed-content-with-csp.html | Explore in Territory

<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
This page includes an insecure script that alerts "FAIL", but that script is blocked by CSP.
<script src="http://127.0.0.1:8080/security/contentSecurityPolicy/resources/alert-fail.js"></script>

chromium/third_party/blink/web_tests/http/tests/security/contentSecurityPolicy/resources/mixed-content-with-csp.html